<%@page import="cn.jussi.dao.BaseDao"%>
<%@ page language="java" contentType="text/html; charset=utf-8"
    pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Insert title here</title>
</head>
<body>
	
	<!-- This code is vulnerable to SQL injection -->
	<%
		// Registration handler: reads four request parameters, concatenates them
		// into an INSERT statement for the users table, runs it through
		// BaseDao.IUD, and prints a success message when IUD returns a positive value.
		//
		// SECURITY: this scriptlet is vulnerable to SQL injection. Every value
		// placed in the statement below comes straight from the HTTP request and
		// is neither validated, escaped, nor bound as a parameter.
		BaseDao baseDao = new BaseDao();
		// Client-controlled input. getParameter returns null when a parameter is
		// missing, and the concatenation below would then insert the text "null".
		String username = request.getParameter("username");
		// NOTE(review): the password is inserted exactly as received; nothing on
		// this page hashes it. Passwords should go through a password hashing
		// function (bcrypt/scrypt/argon2) before storage.
		String password = request.getParameter("password");
		String phoneNum = request.getParameter("phoneNum");
		String address = request.getParameter("address");
		// Server-side timestamp (current date); the only value here that is not client-supplied.
		java.sql.Date date = new java.sql.Date(new java.util.Date().getTime());
		
		// Vulnerable statement: the request values are spliced between single
		// quotes, so their content can change the structure of the SQL rather
		// than being treated purely as data. The fix is a parameterized statement
		// (java.sql.PreparedStatement with "?" placeholders and setString/setDate
		// binds) instead of string concatenation.
		// NOTE(review): BaseDao is not visible here; it needs an entry point that
		// accepts a parameterized statement plus bind values. Confirm against cn.jussi.dao.BaseDao.
		// The INSERT also names no column list, so it depends on the table's column order.
		String sql = "insert into users "+
				"values('"+username+"','"+password+"','"+phoneNum+"','"+address+"','"+date+"')";
		
		// Presumably IUD executes an insert/update/delete and returns the
		// affected row count. TODO confirm in BaseDao.
		int count = baseDao.IUD(sql);
		
		// Only the success case produces output ("插入成功" = "insert succeeded");
		// when count is not positive the page body stays empty.
		if(count > 0){
			out.println("插入成功");
		}	
	%>
	
</body>
</html>